aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys/process_keys.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/keys/process_keys.c')
-rw-r--r--security/keys/process_keys.c112
1 files changed, 75 insertions, 37 deletions
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index ea55cf9acf36..930634e45149 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -1,4 +1,4 @@
1/* Management of a process's keyrings 1/* Manage a process's keyrings
2 * 2 *
3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
@@ -21,13 +21,13 @@
21#include <asm/uaccess.h> 21#include <asm/uaccess.h>
22#include "internal.h" 22#include "internal.h"
23 23
24/* session keyring create vs join semaphore */ 24/* Session keyring create vs join semaphore */
25static DEFINE_MUTEX(key_session_mutex); 25static DEFINE_MUTEX(key_session_mutex);
26 26
27/* user keyring creation semaphore */ 27/* User keyring creation semaphore */
28static DEFINE_MUTEX(key_user_keyring_mutex); 28static DEFINE_MUTEX(key_user_keyring_mutex);
29 29
30/* the root user's tracking struct */ 30/* The root user's tracking struct */
31struct key_user root_key_user = { 31struct key_user root_key_user = {
32 .usage = ATOMIC_INIT(3), 32 .usage = ATOMIC_INIT(3),
33 .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), 33 .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock),
@@ -39,7 +39,7 @@ struct key_user root_key_user = {
39}; 39};
40 40
41/* 41/*
42 * install user and user session keyrings for a particular UID 42 * Install the user and user session keyrings for the current process's UID.
43 */ 43 */
44int install_user_keyrings(void) 44int install_user_keyrings(void)
45{ 45{
@@ -121,7 +121,8 @@ error:
121} 121}
122 122
123/* 123/*
124 * install a fresh thread keyring directly to new credentials 124 * Install a fresh thread keyring directly to new credentials. This keyring is
125 * allowed to overrun the quota.
125 */ 126 */
126int install_thread_keyring_to_cred(struct cred *new) 127int install_thread_keyring_to_cred(struct cred *new)
127{ 128{
@@ -137,7 +138,7 @@ int install_thread_keyring_to_cred(struct cred *new)
137} 138}
138 139
139/* 140/*
140 * install a fresh thread keyring, discarding the old one 141 * Install a fresh thread keyring, discarding the old one.
141 */ 142 */
142static int install_thread_keyring(void) 143static int install_thread_keyring(void)
143{ 144{
@@ -160,9 +161,10 @@ static int install_thread_keyring(void)
160} 161}
161 162
162/* 163/*
163 * install a process keyring directly to a credentials struct 164 * Install a process keyring directly to a credentials struct.
164 * - returns -EEXIST if there was already a process keyring, 0 if one installed, 165 *
165 * and other -ve on any other error 166 * Returns -EEXIST if there was already a process keyring, 0 if one installed,
167 * and other value on any other error
166 */ 168 */
167int install_process_keyring_to_cred(struct cred *new) 169int install_process_keyring_to_cred(struct cred *new)
168{ 170{
@@ -191,8 +193,11 @@ int install_process_keyring_to_cred(struct cred *new)
191} 193}
192 194
193/* 195/*
194 * make sure a process keyring is installed 196 * Make sure a process keyring is installed for the current process. The
195 * - we 197 * existing process keyring is not replaced.
198 *
199 * Returns 0 if there is a process keyring by the end of this function, some
200 * error otherwise.
196 */ 201 */
197static int install_process_keyring(void) 202static int install_process_keyring(void)
198{ 203{
@@ -213,7 +218,7 @@ static int install_process_keyring(void)
213} 218}
214 219
215/* 220/*
216 * install a session keyring directly to a credentials struct 221 * Install a session keyring directly to a credentials struct.
217 */ 222 */
218int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) 223int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
219{ 224{
@@ -253,8 +258,8 @@ int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
253} 258}
254 259
255/* 260/*
256 * install a session keyring, discarding the old one 261 * Install a session keyring, discarding the old one. If a keyring is not
257 * - if a keyring is not supplied, an empty one is invented 262 * supplied, an empty one is invented.
258 */ 263 */
259static int install_session_keyring(struct key *keyring) 264static int install_session_keyring(struct key *keyring)
260{ 265{
@@ -275,7 +280,7 @@ static int install_session_keyring(struct key *keyring)
275} 280}
276 281
277/* 282/*
278 * the filesystem user ID changed 283 * Handle the fsuid changing.
279 */ 284 */
280void key_fsuid_changed(struct task_struct *tsk) 285void key_fsuid_changed(struct task_struct *tsk)
281{ 286{
@@ -289,7 +294,7 @@ void key_fsuid_changed(struct task_struct *tsk)
289} 294}
290 295
291/* 296/*
292 * the filesystem group ID changed 297 * Handle the fsgid changing.
293 */ 298 */
294void key_fsgid_changed(struct task_struct *tsk) 299void key_fsgid_changed(struct task_struct *tsk)
295{ 300{
@@ -303,11 +308,25 @@ void key_fsgid_changed(struct task_struct *tsk)
303} 308}
304 309
305/* 310/*
306 * search only my process keyrings for the first matching key 311 * Search the process keyrings attached to the supplied cred for the first
307 * - we use the supplied match function to see if the description (or other 312 * matching key.
308 * feature of interest) matches 313 *
309 * - we return -EAGAIN if we didn't find any matching key 314 * The search criteria are the type and the match function. The description is
310 * - we return -ENOKEY if we found only negative matching keys 315 * given to the match function as a parameter, but doesn't otherwise influence
316 * the search. Typically the match function will compare the description
317 * parameter to the key's description.
318 *
319 * This can only search keyrings that grant Search permission to the supplied
320 * credentials. Keyrings linked to searched keyrings will also be searched if
321 * they grant Search permission too. Keys can only be found if they grant
322 * Search permission to the credentials.
323 *
324 * Returns a pointer to the key with the key usage count incremented if
325 * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
326 * matched negative keys.
327 *
328 * In the case of a successful return, the possession attribute is set on the
329 * returned key reference.
311 */ 330 */
312key_ref_t search_my_process_keyrings(struct key_type *type, 331key_ref_t search_my_process_keyrings(struct key_type *type,
313 const void *description, 332 const void *description,
@@ -423,11 +442,12 @@ found:
423} 442}
424 443
425/* 444/*
426 * search the process keyrings for the first matching key 445 * Search the process keyrings attached to the supplied cred for the first
427 * - we use the supplied match function to see if the description (or other 446 * matching key in the manner of search_my_process_keyrings(), but also search
428 * feature of interest) matches 447 * the keys attached to the assumed authorisation key using its credentials if
429 * - we return -EAGAIN if we didn't find any matching key 448 * one is available.
430 * - we return -ENOKEY if we found only negative matching keys 449 *
450 * Return same as search_my_process_keyrings().
431 */ 451 */
432key_ref_t search_process_keyrings(struct key_type *type, 452key_ref_t search_process_keyrings(struct key_type *type,
433 const void *description, 453 const void *description,
@@ -485,7 +505,7 @@ found:
485} 505}
486 506
487/* 507/*
488 * see if the key we're looking at is the target key 508 * See if the key we're looking at is the target key.
489 */ 509 */
490int lookup_user_key_possessed(const struct key *key, const void *target) 510int lookup_user_key_possessed(const struct key *key, const void *target)
491{ 511{
@@ -493,9 +513,22 @@ int lookup_user_key_possessed(const struct key *key, const void *target)
493} 513}
494 514
495/* 515/*
496 * lookup a key given a key ID from userspace with a given permissions mask 516 * Look up a key ID given us by userspace with a given permissions mask to get
497 * - don't create special keyrings unless so requested 517 * the key it refers to.
498 * - partially constructed keys aren't found unless requested 518 *
519 * Flags can be passed to request that special keyrings be created if referred
520 * to directly, to permit partially constructed keys to be found and to skip
521 * validity and permission checks on the found key.
522 *
523 * Returns a pointer to the key with an incremented usage count if successful;
524 * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
525 * to a key or the best found key was a negative key; -EKEYREVOKED or
526 * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
527 * found key doesn't grant the requested permit or the LSM denied access to it;
528 * or -ENOMEM if a special keyring couldn't be created.
529 *
530 * In the case of a successful return, the possession attribute is set on the
531 * returned key reference.
499 */ 532 */
500key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, 533key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
501 key_perm_t perm) 534 key_perm_t perm)
@@ -703,10 +736,15 @@ reget_creds:
703} 736}
704 737
705/* 738/*
706 * join the named keyring as the session keyring if possible, or attempt to 739 * Join the named keyring as the session keyring if possible else attempt to
707 * create a new one of that name if not 740 * create a new one of that name and join that.
708 * - if the name is NULL, an empty anonymous keyring is installed instead 741 *
709 * - named session keyring joining is done with a semaphore held 742 * If the name is NULL, an empty anonymous keyring will be installed as the
743 * session keyring.
744 *
745 * Named session keyrings are joined with a semaphore held to prevent the
746 * keyrings from going away whilst the attempt is made to going them and also
747 * to prevent a race in creating compatible session keyrings.
710 */ 748 */
711long join_session_keyring(const char *name) 749long join_session_keyring(const char *name)
712{ 750{
@@ -778,8 +816,8 @@ error:
778} 816}
779 817
780/* 818/*
781 * Replace a process's session keyring when that process resumes userspace on 819 * Replace a process's session keyring on behalf of one of its children when
782 * behalf of one of its children 820 * the target process is about to resume userspace execution.
783 */ 821 */
784void key_replace_session_keyring(void) 822void key_replace_session_keyring(void)
785{ 823{